Here is the output of the requested commands. The -Z shows the SELinux
contexts...

> [r...@localhost fw]# pwd
> /BackupData/pc/fw
> [r...@localhost fw]# getenforce
> Enforcing
> [r...@localhost fw]# ls -la -Z
> drwxr-x---  backuppc backuppc root:object_r:var_lib_t          .
> drwxr-x---  backuppc root     system_u:object_r:var_lib_t      ..
> drwxr-x---  backuppc backuppc root:object_r:var_lib_t          0
> drwxr-x---  backuppc backuppc root:object_r:var_lib_t          1
> -rw-r-----  backuppc backuppc root:object_r:var_lib_t          backups
> -rw-r-----  backuppc backuppc root:object_r:var_lib_t          backups.old
> -rw-r-----  backuppc backuppc root:object_r:var_lib_t          LOCK
> -rw-r-----  backuppc backuppc root:object_r:var_lib_t          LOG.062009
> -rw-r-----  backuppc backuppc root:object_r:var_lib_t          XferLOG.0.z
> -rw-r-----  backuppc backuppc root:object_r:var_lib_t          XferLOG.1.z
> [r...@localhost fw]#

If it turns out to be an SELinux issue (which by now it does appear to be),
I'd rather not disable SELinux, but rather debug the context issues...
I just found some SELinux errors in /var/log/messages:

> Jun 24 14:46:21 localhost setroubleshoot: SELinux is preventing access to files with the label, file_t. For complete SELinux messages. run sealert -l 0de6d349-55f3-4ae2-aa9b-cfa3228e9c32

Here is the output of the sealert command:

> sealert -l 0de6d349-55f3-4ae2-aa9b-cfa3228e9c32
>
> Summary:
>
> SELinux is preventing access to files with the label, file_t.
>
> Detailed Description:
>
> SELinux permission checks on files labeled file_t are being denied. file_t is
> the context the SELinux kernel gives to files that do not have a label. This
> indicates a serious labeling problem. No files on an SELinux box should ever be
> labeled file_t. If you have just added a new disk drive to the system you can
> relabel it using the restorecon command. Otherwise you should relabel the entire
> files system.
>
> Allowing Access:
>
> You can execute the following command as root to relabel your computer system:
> "touch /.autorelabel; reboot"
>
> Additional Information:
>
> Source Context                root:system_r:httpd_t
> Target Context                system_u:object_r:file_t
> Target Objects                / [ dir ]
> Source                        perl5.8.8
> Source Path                   /usr/bin/perl5.8.8
> Port                          <Unknown>
> Host                          dumbo
> Source RPM Packages           perl-5.8.8-18.el5_3.1
> Target RPM Packages           filesystem-2.4.0-2.el5.centos
> Policy RPM                    selinux-policy-2.4.6-203.el5
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   file
> Host Name                     localhost
> Platform                      Linux localhost 2.6.18-128.1.14.el5 #1 SMP Wed Jun 17
>                               06:40:54 EDT 2009 i686 i686
> Alert Count                   579
> First Seen                    Sun Jun 21 19:35:32 2009
> Last Seen                     Wed Jun 24 16:31:07 2009
> Local ID                      0de6d349-55f3-4ae2-aa9b-cfa3228e9c32
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost type=AVC msg=audit(1245886267.914:1245): avc:  denied  { search } for  pid=1898 comm="perl5.8.8" name="/" dev=dm-4 ino=2 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
>
> host=localhost type=SYSCALL msg=audit(1245886267.914:1245): arch=40000003 syscall=195 success=no exit=-13 a0=8bd37f8 a1=8a6d0c8 a2=aa4ff4 a3=8bd37f8 items=0 ppid=23678 pid=1898 auid=0 uid=101 gid=48 euid=101 suid=101 fsuid=101 egid=48 sgid=48 fsgid=48 tty=(none) ses=28 comm="perl5.8.8" exe="/usr/bin/perl5.8.8" subj=root:system_r:httpd_t:s0 key=(null)
>

It sounds like this might be helpful for me:

> You can execute the following command as root to relabel your computer system:
> "touch /.autorelabel; reboot"

I guess I'll give it a shot and see what happens... Does anyone want to
weigh in on whether I should try "touch /.autorelabel; touch
/BackupData/.autorelabel; reboot" since the file system in question is
mounted to /BackupData, not '/' ?

> [r...@localhost fw]# mount
> ...
> /dev/mapper/VolGroup01-LogVol03 on /BackupData type ext3 (rw)
------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
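
Added example, not part of the original message: a small parser that pulls the fields out of raw AVC records like the one quoted above and reports which denials hit an unlabeled (`file_t`) target, keyed by source domain, object class, device and inode. The function names are hypothetical; the first sample line is the record from the message, the other two are constructed for contrast.

```python
import re

# Line 1: the AVC denial quoted in the message, unwrapped onto one line.
# Lines 2-3: constructed records (a labelled target and a non-AVC record).
SAMPLE_LINES = [
    'host=localhost type=AVC msg=audit(1245886267.914:1245): avc:  denied  { search } '
    'for  pid=1898 comm="perl5.8.8" name="/" dev=dm-4 ino=2 '
    'scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir',
    'host=localhost type=AVC msg=audit(1245886300.100:1300): avc:  denied  { read } '
    'for  pid=1900 comm="perl5.8.8" name="backups" dev=dm-4 ino=12 '
    'scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_lib_t:s0 tclass=file',
    'host=localhost type=SYSCALL msg=audit(1245886267.914:1245): arch=40000003 '
    'syscall=195 success=no exit=-13 comm="perl5.8.8"',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type field is what policy matches on.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) > 2 else None
    return rec


def unlabeled_denials(lines):
    """Count denials whose target type is file_t, per (source type, class, dev, inode)."""
    hits = {}
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["tcontext_type"] == "file_t":
            key = (rec["scontext_type"], rec.get("tclass"), rec.get("dev"), rec.get("ino"))
            hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for key, count in unlabeled_denials(SAMPLE_LINES).items():
        print(count, "denial(s) on unlabeled object:", key)
```

The `dev` and `ino` fields identify the filesystem and inode of the denied object, so they can be compared against the device behind a mount point to see which volume carries the unlabeled files.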
